Solved

How to involve IP address and/or Mac address in NAT rule

Posted on 2004-10-06
1
219 Views
Last Modified: 2010-08-05
My server (Linux redhat) is providing NAT service to my LAN using this rule

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

eth0 is my LAN card interface
eth1 is the public LAN card interface

My question is how to provide NAT service only to one LAN workstation (192.168.0.8) and involve MAC address in this rule to avoid internal hackers using that IP.

Thanks to you all !
0
Comment
Question by:diordonez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 12

Accepted Solution

by:
mburdick earned 250 total points
ID: 12243929
While you can accomplish what you want easily, you should be warned that you aren't adding much security to your network.

If a user is smart enough to hard-code an IP to get access, it's likely that they can also override the MAC on their NIC as well. And, your security controls still don't stop them.

A sample of an IPTABLES rule that allows you to integrate a source MAC is:

-A FORWARD -s 172.20.20.11  -i eth0 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
0

Featured Post

How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question